<?php
/**
 * 登录页面
 * 州弟医院信息系统 - 州弟学安全
 */

// 包含头文件
include 'includes/header.php';

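// Already-authenticated users are sent straight to the home page.
if (isLoggedIn()) {
    redirect('index.php');
}

// Handle the login form submission.
// On success the session is populated and the user is redirected by role;
// on failure the message is left in $error for the template below.
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Form fields can be turned into arrays by the client (username[]=...);
    // only accept plain strings so the DB layer never sees a non-string.
    $rawUsername = $_POST['username'] ?? '';
    $rawPassword = $_POST['password'] ?? '';
    $username = is_string($rawUsername) ? $rawUsername : '';
    $password = is_string($rawPassword) ? $rawPassword : '';

    // Basic validation. Compare against '' rather than using empty(),
    // otherwise a user named "0" would be rejected as "not filled in".
    if ($username === '' || $password === '') {
        $error = '请输入用户名和密码';
    } else {
        // NOTE(review): existing rows store MD5 hex digests, so MD5 is kept here for
        // compatibility. MD5 is not a password hash; the migration path is to store
        // password_hash() output, verify with password_verify(), and re-hash on a
        // successful login when password_needs_rehash() says so.
        $passwordHash = md5($password);

        // Prepared statement with bound parameters: user input is never
        // concatenated into the SQL text.
        $user = null;
        $stmt = $conn->prepare('SELECT * FROM users WHERE username = ? AND password = ?');
        if ($stmt !== false) {
            $stmt->bind_param('ss', $username, $passwordHash);
            if ($stmt->execute()) {
                $result = $stmt->get_result();
                if ($result !== false) {
                    $user = $result->fetch_assoc() ?: null;
                    $result->free();
                }
            }
            $stmt->close();
        }

        if ($user !== null) {
            // Rotate the session id on privilege change so a session id chosen
            // before login (session fixation) is not carried into the logged-in
            // session. header.php is presumably what started the session — confirm.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            // Populate the session.
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['username'] = $user['username'];
            $_SESSION['user_role'] = $user['role'];

            // Record the last login time, again via a bound parameter.
            $userId = (int) $user['id'];
            $updateStmt = $conn->prepare('UPDATE users SET last_login = NOW() WHERE id = ?');
            if ($updateStmt !== false) {
                $updateStmt->bind_param('i', $userId);
                $updateStmt->execute();
                $updateStmt->close();
            }

            // Audit log entry for the login.
            logAction($user['id'], '用户登录');

            // Redirect by role; unknown roles land on the home page.
            redirect(match ($user['role']) {
                'admin' => 'admin/index.php',
                'doctor' => 'doctor/index.php',
                'patient' => 'patient/index.php',
                default => 'index.php',
            });
        } else {
            // A failed prepare/execute and a credential mismatch share one generic
            // message (as in the original) so the page does not reveal DB state.
            $error = '用户名或密码错误';
        }
    }
}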
?>

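<div class="row justify-content-center">
    <div class="col-md-6">
        <div class="card">
            <div class="card-header">
                <h4 class="mb-0">用户登录</h4>
            </div>
            <div class="card-body">
                <?php if ($error): ?>
                    <?php // Escape for the HTML context even though $error is currently set only from fixed strings above; keeps the template safe if it is ever fed user-derived text. ?>
                    <div class="alert alert-danger"><?php echo htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
                <?php endif; ?>
                
                <form method="post" action="login.php">
                    <div class="form-group">
                        <label for="username">用户名</label>
                        <input type="text" class="form-control" id="username" name="username" required>
                    </div>
                    <div class="form-group">
                        <label for="password">密码</label>
                        <input type="password" class="form-control" id="password" name="password" required>
                    </div>
                    <div class="form-group form-check">
                        <?php // NOTE(review): the "remember" field is not read anywhere in this file — confirm whether it is handled elsewhere or is a no-op. ?>
                        <input type="checkbox" class="form-check-input" id="remember" name="remember">
                        <label class="form-check-label" for="remember">记住我</label>
                    </div>
                    <button type="submit" class="btn btn-primary btn-block">登录</button>
                </form>
                
                <div class="text-center mt-3">
                    <a href="forgot_password.php">忘记密码？</a>
                </div>
            </div>
            <div class="card-footer text-center">
                <p class="mb-0">还没有账号？ <a href="register.php">立即注册</a></p>
            </div>
        </div>
        
        <div class="card mt-4">
            <div class="card-header bg-light">
                <h5 class="mb-0">温馨提示</h5>
            </div>
            <div class="card-body">
                <ul class="mb-0">
                    <li>如果您是患者，请注册患者账号。</li>
                    <li>如果您是医院工作人员，请联系管理员开通账号。</li>
                    <li>登录遇到问题，请联系我们的技术支持：010-12345678。</li>
                </ul>
            </div>
        </div>
    </div>
</div>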

<?php
// 包含尾文件
include 'includes/footer.php';
?> 